Apple and federated identification issues iCloud/MobileMe/iTunes oh and Chad the Apple Asshat

Apple has a bit of an issue. The implementation of the iTunes portion of the Apple ecosystem occurred prior to the iPhone app store, or the arrival of the .Mac service which later became .Me then iCloud service environment. Whew.. That problem is unexpected exposure of user content through the implementations of the subsequent and predecessor technologies. Thanks to a help desk at Apple that isn’t, now I’m going to tell you the story of the AppleID and the Asshat.

So, with the iOS5 roll out you get forced integration for most of the functions between iTunes and what has become iCloud. When you fire up your new trusty iOS5 implementation they want your iTunes information. Unfortunately if you used a foreign (non-mobileMe, .Mac) email address to set up iTunes but later got MobileMe because, well.. you bought an iPhone or something crazy… Well you’re in for a heap of trouble if you actually use the services. Most likely a bunch of users aren’t going to really understand what is happening under the hood, and how they are either getting royally screwed (out of service life, features, etc.) or they are going to come up with piss ant workarounds like I did.

Consider in my case I registered way back in the ancient days of iTunes 1.0 using my email from this domain (no fair guessing). Then I bought a heap of iTunes content because I’m mildly brain numb. Luckily I’m smarter than what appears to be state of the art on the Apple help desk. Later on I bought an iPhone because I’m pretty sure I’m an Apple fool (should fool be capitalized? FOOL!). At the time I bought the iPhone I couldn’t use my iTunes account user information as a userID as the systems were not federated. To make matters worse, and I’m not sure if I remember correctly, but .MAC would not let me use the foreign credential due to the “@” symbol. The two accounts and hence AppleIDs simply weren’t connected. With iOS5 they have forced federation.

So with my new shiny iPhone 4s I set up using my iTunes credentials so that my digital content would work. Then I set up my iCloud (using my old MobileMe information) then disabled all of that functionality of the iTunes except content because the iTunes additional functionality though nice doesn’t come with an email account. I have to set that up separately. There are all kinds of little niggling details to work out when doing this (like notifications, calendars, lost subscriptions, and many more things that simply didn’t work at first). There are several support threads with no commentary from Apple on their support pages.

But wait.. Just one more thing.

It seems at some point somebody using my email address got into MobileMe or there is a bug in the credential systems by Apple. Using my new shiny AppleTV (new gen) I got for $39 (great story there) I set it up using my iTunes credential. Remember they are based on this website domain. So the use of the email address by my friendly nemesis is a vanity thing and he doesn’t get email to it. I’m thinking I’m setting up the sync services for that cool new over the air sync of photos and content, but wait… I get another user’s content. That’s right I’m looking at a photo stream of some other guy’s pictures. Not my MobileMe gallery, not my iCloud PhotoStream but his vacation pictures. COOL!!!! By not knowing how the stuff was all integrated I stumbled across some fun things to try. You know. Entering MY email address as a credential.

Seems he used my email address as his MobileMe handle. How? I don’t know. Is it a pseudo pointer to another AppleID but my credential? I don’t know. What a great little hack. If you have a new gen AppleTV go to the “Internet” section, down to MobileMe, enter an email address for a user’s content, and see what you can find. Heck, enter my email address. Why not?

So off I’m going to iCloud/MobileMe support using my iPhone 4s no less via a web chat client because it’s what Apple uses. Well. They use chat clients. I’m the fool using the iPhone 4s. Because I’m just built that way.

After trying to explain several times I have TWO, 2, dos, II, really TWO AppleIDs to Chad. Explaining who I am (chat window, iPhone 4s, I’m an idiot, kids don’t try this at home) I try and get “Chad” to understand. You see I’m talking about having access to somebody else’s content which might be very sensitive (pics, hint hint). My Apple help desk experience deteriorates rapidly. I offer to video the problem since I’m getting mouth breather sounds through the chat windows, but Chad is pretty sure I’m a clueless (l)user and treats me as such. Chad gets quite pissy in chat with me and says if I’m so concerned I should call the police. I explained this is a problem with federated identification and the implementation of the technology that has allowed for a possible exposure of personally identifiable information. He says I should tell the police to arrest the technology. Thanks a lot you are now named “Chad The Apple Asshat”. I was polite, I was considerate, I explained to the best of my (l)user capabilities and you were a fucking jerk moron.

Of course you know I’m not the only person having this issue. 

I noticed you or the technology crashed the transcript “Chad the Apple Asshat” so I don’t have the “evidence” which would also include my PII you freaking jerk wad.

So, in summary if you’re using my email address as your MobileMe userID you appear to have quite a lovely family. The pictures of your children are absolutely adorable. Your Summer 11 Trip looks great, I hope you really had a blast in New Braunfels, but where is Okoboji? For everybody else if you know my email address for this domain (even the dimmest hacker should be able to guess) you too can see the other Sam’s pictures using your AppleTV (new gen).

My current Apple ecosystem includes 1 original AppleTV, 1 new enhanced extra user content AppleTV, 2 MacBook Pros, 4 MacBooks, 2 AirPorts, 1 AirPort Express, 3 iPhone 3GS, 3 iPhone 4s, 2 original iPhones, various adapters and extras, and an entire work provided MacBook and display environment. For the dumb schmucks on help desks like “Chad the Apple Asshat” I will continue escalating. I will now TELL EVERYBODY, and I hope EVERYBODY tells EVERYBODY else. I’m willing to spend dough to make Asshats on help desks wish they’d been just a little more innovative, considerate, and thoughtful about making the technology just work. Oh, wait… Wasn’t that some tech company’s saying, “It just works?” Right up until it doesn’t.

Just remember my fight with Dell? This is going to be better. Please TELL EVERYBODY!!!
